21 - FTP
Banner Grabbing
Telnet
telnet 10.0.0.3 21
Netcat
nc -n 10.0.0.3 21
NSE Script
nmap -sV -script banner -p21 -Pn 10.0.0.3
FTP
ftp 10.0.0.3
FTP Exploitation
Anonymous Login
Note: During the port scanning phase Nmap’s script scan (-sC
), can be enabled to check for FTP Bounce and Anonymous Login.
Try anonymous login using anonymous:anonymous
credentials.
ftp 10.0.0.3
…
Name (10.0.0.3:kali): anonymous
331 Please specify the password.
Password: [anonymous]
230 Login successful.
List all files in order.
ftp> ls -lat
200 PORT command successful. Consider using PASV.
150 Here comes the directory listing.
…
226 Directory send OK.
FTP Browser Client
Try accessing ftp://user:[email protected]
from your browser. If not credentials provided anonymous:anonymous
is assumed.
Brute Forcing
Configuration files
It is important to examine these config files:
ftpusers
ftp.conf
proftpd.conf
Other
Binary and ASCII
Binary and ASCII files have to be uploading using the binary
or ascii
mode respectively, otherwise, the file will become corrupted. Use the corresponding command to switch between modes.
Download all files from FTP
wget -m ftp://anonymous:[email protected] #Donwload all
wget -m --no-passive ftp://anonymous:[email protected] #Download all
Last updated
Was this helpful?